Assume I have a server example.com. And it is a service with exposed api. But I do not have a documentation, is there way to see the api paths?
Paths like example.com/users,
example.com/events,
etc
There is supposed to be documentation, since the api is the work of someone, and it will be difficult to know what that person is thinking, or how he has structured his api. You should request the documentation if you can or get an alternative api that can do the same thing but is well documented
Related
I'm completing a python grpc server function-wise and being ready for deployment. Thusfar I have unsecure communication (pretty much the helloworld example when it comes to security). I thought I could put in place an authentication mechanism for my server in a reasonable amount of time after I observed that there was some documentation on this very topic provided by google. Closer investigation let me to believe otherwise.
The case is simple: Users (fellow colleagues of mine) login to their company mail (gmail) and use the resulting token (JWT, OAuth, OAuth2, I don't care) to gain access to the grpc server I wrote. No one else gets in.
Since googling grpc+authentication has been fruitless so far I believe I'm on the wrong track on how I should approach this kind of problem. So therefore the questions:
Given this use case, should my grpc server have any concern with authentication? If so, are there examples? Or should this be handled by a different system? If so, what system?
I noticed a lot of articles mentioning Envoy+gRPC. Can Envoy help me out here? Is it designed to deal with this?
The gRPC authentication can follow the same approach of a normal HTTP, the only thing you need to have in mind is that the authentication check would be placed in an gRPC interceptor and you will be looking at the metadata to get the creadentials. Unfortunately, I don't have an example to do it with Python but you can search in "how to add gRPC Server interceptors in Python" and then "how to work with gRPC metadata in Python"
Here an example in Golang, maybe it can give you the idea
I'm new to this api documentation era.
Vising this api documentation, I get to post and query data. I understand that's a demo api documentation with swagger.
But what happens with real world API documentation? do I have a documentation in demo.api.myawesome.com and actual api on api.myawesome. com using different data stores?
But again digging deeper, I got to find out that an api can be self documenting using swagger libraries. This seems like both api and documentation are using the same data store which can't be the case.
What am I missing here?
From the Swagger website:
Swagger is a set of rules (in other words, a specification) for a format describing REST APIs. The format is both machine-readable and human-readable. As a result, it can be used to share documentation among product managers, testers and developers, but can also be used by various tools to automate API-related processes.
So yes, it uses the same "back end" as the actual API. It's just visualizing it, allowing you to interact with it via the Swagger UI.
If you mean Swagger UI - the "try it out" button sends requests to the server specified by the host property in your spec. If host specifies your production server, requests will be sent to production; if it points to a sandbox, "try it out" will use the sandbox. You may have a version of the spec for internal use that points to production, and a public version that points to sandbox.
Note that Swagger supports authentication as a way to ensure that only authorized users (e.g. your actual customers with valid credentials or API keys) can make API calls.
You can omit host from the spec to disable the "try it out" functionality - this way you can still have the API docs, just without the interactive part.
This is really basic.I want to implement a RESTful web API.
Now I know you can write custom applications and scripts to integrate with the API.
What I need to know:
In what languages can you write this API? C#, Java, php?
When building/programming a program that implements this API, is this the client and the software that issued the API the server? (eg. Dropbox would be the server and the custom app that integrates with the Dropbox API is the Client?
Thank you.
A REST API can be built in any programming language that allows you to handle HTTP requests (or can be attached to a Web server as a handler for requests). The two methods I've been using:
Stand-alone Windows service implementing a REST service using WCF
WEB server Apache + PHP
You are correct about the terminology. A program consuming a service is called the client, a program providing a service is called the server (while actually in the PHP approach, Apache would be the server as it is taking the request and having the script handle it).
Additional nitpicking: JQuery is not a language, but a framework to help you use some JavaScript features more easily.
On your comment Recap:
Close :-) The Client transfers JSON/XML/whatever to a server using HTTP requests. The Client can be written in any language that can perform HTTP requests.
On the server side, there needs to be some application that handles the HTTP requests (service), also written in any language, as long as it "speaks" HTTP.
The API is the definition of which operations are possible, for example, adding user accounts, getting the current time, etc. (this is what you define - what do you want your service to do?).
The JSON/XML/whatever that you transfer is the workload, the parameters for the API call. For example, if you want to add a new user to your system, the workload could be the new user name, the real name, the eMail address and some other details about the user. If the API call returns the current server time, you might not need any parameters at all, but you get back JSON/XML/whatever from the service.
The actual call being made is determined by the URL you call. For example, the URL for adding a user could be http://localhost/myrestservice/adduser and you'd perform a POST request against that URL with the required workload. For the time example, the URL could be http://localhost/myrestservice/getservertime and you'd perform a GET request against that URL.
I suggest that you read about how REST services actually work before you start, as I see some question marks on your face ;-)
Short:
API = available operations (=> URLs)
Parameters to API calls = JSON/XML/Plain Text/whatever
Client = calls the service through HTTP
Service = handles the calls, replies to client in response to HTTP requests
If you are a php programmer and familiar with Codeigniter framework then go here : Working with RESTful Services in CodeIgniter.
visit also : Rest Tutorial
First of all, you should begin with learning what is a RESTful API.
http://en.wikipedia.org/wiki/Representational_state_transfer
http://www.restapitutorial.com/
http://rest.elkstein.org/
In what languages can you write this API? C#, Java, php, jQuery?
You can write an API in any language. What can help is the framework you'd be using. JQuery is not a language, but a framework for integrating Javascript application in every web browser, so it won't help.
I'd advice you to use a microframework to write your first RESTful API, because they usually are easy to use and help focus on the important (bottle/flask in python, express in javascript, silex in php, spark in java or nina in C#)
When building/programming a program that implements this API, is this the client and the software that issued the API the server? (eg. Dropbox would be the server and the custom app that integrates with the Dropbox API is the Client?
You're right, the server is providing you the service, hence the API. The client is user to that API, and implementing it into something useful.
As most of the people stated already, you can do this in just about any language.
Might I suggest that you look into NodeJS? If so, check out Restify: http://mcavage.github.io/node-restify/
There's a nice community behind NodeJS and I think it's quite open to newcomers. Just try not to pick up bad habits from JavaScript pitfalls. If you're new to programming, I'd suggest reading some intro book.
good luck!
When creating a site/script to be on the client end of a RESTful API, what tools are available to create a "workbench" to explore the API, examining headers and responses while working through the design? Preferably one(s) that allow you to enter a custom endpoint, and create sample requests to see the responses. I recall seeing one nice workbench before, but its name has escaped me.
Re-found the one I remembered: The Apigee Console is a great interface for playing around with an existing API or building your own.
Mashery's I/O Docs is an open source workbench that you can deploy yourself on a Node.js server with Redis for storage.
If you have the wadl file of the ReST Services, you can load it in SOAP UI and use it.
EditedAnother much simpler tool Rest Client
Does google code provide an API for accessing information about a project like github does on http://developer.github.com/v3/? I haven't found any.
It provides API for its tracker, but other API features present in GitHub might not yet be present.
You can use Google API discovery service (based on its lib) to make sure of that, though.